Best practices for network security management

With visibility on both the network and device level, tremendous amounts of data are translated into intelligence that deciphers complicated network security transactions into manageable, actionable information.

Daily or weekly reviews of all devices on the network is unattainable with a manual process, and reviewing device configurations less frequently puts network security and compliance at risk. Automating policy compliance helps ensure compliance and consistency, and preserves IT resources.

Ideally, a network modeling tool that provides a macro view should also allow administrators to drill down into a micro view of each device, providing information on users, applications, vulnerabilities, and more. This allows administrators to see the broader network view and then focus in on particular devices for management.

#3 Simulate Attacks for Context-Aware Risk Assessments. Merely knowing the network vulnerabilities and their criticality is insufficient for understanding the true level of risk to an organization. Today's attacks often incorporate multiple steps that cross several different network zones, and an isolated view of any of these steps could appear innocuous.

Attack simulation technology automatically looks at the holistic network business assets, known threats and vulnerabilities and identifies what would happen if the conditions were combined. Attack simulation can also evaluate potential options to block an attack, providing intelligence for decision support. Understanding the likelihood of an attack and its potential impact against valuable targets is the key to assessing which vulnerabilities and threats post the most risk.

Attack simulation technology looks at network context, asset criticality, business metrics, and existing security controls when determining the impact of a potential attack. For example, if an asset runs an application that is crucial to maintaining the business and requires continuous availability, a medium-level vulnerability that threatens to disable this asset might be a high-level risk to this particular business.

The impact of deploying a particular security control must also be considered. Keeping an IPS continually on active mode can impact network performance. Attack simulation tools enable security teams to target use of their IPS protection, activating only necessary signatures, maximizing performance, and prioritizing vulnerabilities.

#4 Secure Change Management Is Critical. Once a network is in compliance, a secure change management process is needed to maintain continuous compliance and validate that planned changes do not introduce new risk. Secure change management incorporates risk assessment in an orchestrated, standardized process; flags changes outside of this structure, allows administrators to reconcile flagged changes, and troubleshoots where needed. Secure change management verifies that changes were implemented as intended, identifies when a change has unintended consequences, and highlights unapproved changes.

For example, a change management process can flag when a network change will expose vulnerabilities, when a firewall change opens access to risky services, or when there is an unauthorized access path from a partner to an internal zone. More importantly, to maintain network security, change management processes can be used to determine the impact of a proposed change before implementing the change.